Why Role-Based Access is Key for Strong Data Security

Post Date: 05/29/2018
feature image

Editor’s note: This post is one in a series of posts about identity management. Check out the others below!

Since moving to all-cloud in Office 365, I have seen more and more requests from my counterparts and other business users for contractor and temporary user access. While it is exciting to have a place to work on projects with various partners, it does lead to some concerns regarding security and permissions management.

A. Software as a Service (SaaS) cloud solutions allow for more users to have access to content faster than ever before. This is often due to the fact that users who have admin access simply invoke their rights as admins to add people as they see fit.

access

B. This leads to a rather large problem – access is easy, cleanup is difficult. How exactly can these be balanced?

I. Setup dates of admission from the get-go as part of user management. If a user is a temporary or guest user, depending on the role, the user can have 30, 60, 90-day access.

II. To mitigate the pain of unexpected lockout, have a recertification process or email based on users who will expire in, say, 10 days or sooner. This email can be drafted to application owners who will then verify who should still be allowed entry.


Is your IT infrastructure ready for the recently-implemented GDPR? To ensure that you’re prepared, click here to access our free GDPR Resource Kit.


III. Require similar if not more stringent data access requirements for temporary or contractor employees compared to regular employees. Employ content containerization, limited scope of access, and multi-factor authentication for those users as if they were regular employees.

IV. Audit. Audit. Audit. Audit user activity such as log ins and access history to ensure bad actors are caught and/or proven guilty if data breaches occur. Work with the business to balance the length of audit data held versus the costs and liability for such data breaches.

C. What’s essential to keeping the castle keys with the right users is: a reliable process, trust (with verification), constant refinement, transparency, and ownership of identity as everyone’s respective role in online services.

I. Regularly reviewing which systems are being used and which ones are not, and working with the business of application priority can help scope and reduce both the cost of access and the application management burden for IT.

II. Building plans of application importance and organizing management and resources around them for user admission and identity management. This can help IT Service Managers allocate the right resources and security profiles for different cloud-based applications.


Want even more hot takes on identity management, Office 365 and more? Be sure to subscribe to our blog to stay in the loop.

Formerly a Solutions Engineer at AvePoint, Bryan worked with enterprises to implement effective business-focused governance, GDPR and regulatory compliance, proactive training and solution deployments for enterprises of all sizes, balancing customizations and available technology to meet business needs.

View all posts by Bryan Vanetten
Share this blog

Subscribe to our blog